Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS205374.roa
File:                     AS205374.roa (raw, json)
Hash identifier:          yi9ZtJqNAzSM8IbEqqhiTBs5Evlc6UhpKApwBUcBkxk=
Subject key identifier:   3A:41:84:CE:99:E0:F1:E5:03:19:35:2A:6D:0E:A0:D7:F8:F7:89:F1
Certificate issuer:       /CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
Certificate serial:       35B3B839495AF7B6110ECC00B607B78B06BF58D0
Authority key identifier: C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS205374.roa
Signing time:             Fri 29 Aug 2025 01:53:09 +0000
ROA not before:           Fri 29 Aug 2025 01:48:09 +0000
ROA not after:            Fri 28 Aug 2026 01:53:09 +0000
asID:                     205374
IP address blocks:        2a0f:85c1:cf5::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 07 Sep 2025 20:00:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            35:b3:b8:39:49:5a:f7:b6:11:0e:cc:00:b6:07:b7:8b:06:bf:58:d0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
        Validity
            Not Before: Aug 29 01:48:09 2025 GMT
            Not After : Aug 28 01:53:09 2026 GMT
        Subject: CN=3A4184CE99E0F1E50319352A6D0EA0D7F8F789F1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:4a:5a:87:7b:81:df:d6:1a:11:15:6a:48:49:
                    e0:b8:ba:a6:d8:47:e6:24:d5:34:b8:dc:db:f7:a2:
                    80:7a:21:9a:e7:51:09:8a:50:2b:6e:53:9f:da:1e:
                    d1:3c:bb:ca:7d:f6:27:00:1a:c9:43:80:98:42:04:
                    e3:21:70:ef:4f:1b:67:ef:77:d8:f4:06:6c:46:0d:
                    27:70:87:ae:87:d4:32:36:49:84:f6:58:d7:a6:fe:
                    a5:63:4f:29:b1:77:f2:54:8d:e5:4c:5a:8d:74:07:
                    d2:15:d0:01:e5:8a:29:bd:bb:cc:38:59:d3:53:80:
                    99:22:93:8a:64:31:aa:59:72:b9:1f:1e:36:7d:fd:
                    9c:4f:00:49:c6:24:f2:92:1d:69:84:05:ef:1b:c2:
                    31:02:5a:24:3e:d1:a4:22:9f:2d:37:b8:51:83:13:
                    1d:1f:7c:fc:25:c7:68:68:c4:74:95:87:85:07:75:
                    0b:1e:2c:c4:2f:77:2e:7e:7a:9a:3a:f5:92:c6:c2:
                    0b:77:72:e9:9a:f4:23:e8:97:f8:0a:59:4f:07:42:
                    a2:36:01:5b:02:e7:17:e0:59:45:47:c4:60:26:64:
                    56:06:18:e6:42:59:df:bf:45:30:89:17:fc:aa:4b:
                    ed:d8:96:5d:25:b2:7f:5b:23:09:8a:c7:14:84:21:
                    ee:19
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3A:41:84:CE:99:E0:F1:E5:03:19:35:2A:6D:0E:A0:D7:F8:F7:89:F1
            X509v3 Authority Key Identifier:
                keyid:C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS205374.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:85c1:cf5::/48

    Signature Algorithm: sha256WithRSAEncryption
         69:bc:f2:6e:92:49:95:94:5f:72:7e:21:c2:5d:19:c5:ac:ff:
         9c:5c:a2:fa:27:40:77:23:7d:3b:e7:d5:09:01:25:07:c6:5a:
         07:8c:ec:0f:ef:72:42:b7:2f:27:15:bd:c6:6c:96:42:c4:e7:
         f3:5f:80:6c:e2:0d:4e:37:9c:1a:6f:33:a3:e6:f0:bb:8a:84:
         78:47:fd:39:44:42:0b:ec:36:35:73:48:d6:d8:83:c9:6d:87:
         95:b6:eb:5e:e9:26:e8:5a:67:a7:73:37:01:49:d5:b6:ee:96:
         99:82:dc:a4:e0:01:c3:54:49:f9:b4:33:d4:df:ce:6a:f1:ba:
         40:dd:91:37:a4:d1:96:2f:f0:40:c5:1f:5a:b2:78:2c:7c:a5:
         31:a5:c2:d4:6c:b8:59:b8:ac:4f:fb:05:b5:26:13:ac:31:3e:
         bb:6d:5c:21:d3:b4:43:fb:b1:06:d6:8f:39:43:65:e0:2c:59:
         e3:4a:41:c6:13:3a:c2:3e:17:9c:6e:1e:35:1e:96:65:ff:83:
         26:94:d8:39:fc:c5:84:ad:c0:df:39:3c:dd:24:b5:ca:d4:2d:
         b5:2c:40:02:ba:91:bb:03:4c:8f:93:34:89:ee:aa:1d:4b:ff:
         fe:05:17:bc:c2:0b:3b:ef:32:2e:f1:d1:1b:1a:4f:1b:33:8a:
         61:4e:b7:31
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgIUNbO4OUla97YRDswAtge3iwa/WNAwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzRjZTdkODkwMjQwNWJhNDU5OGY4NGI2YTQxYzI3ZDcy
MjgzNGIxYzAeFw0yNTA4MjkwMTQ4MDlaFw0yNjA4MjgwMTUzMDlaMDMxMTAvBgNV
BAMTKDNBNDE4NENFOTlFMEYxRTUwMzE5MzUyQTZEMEVBMEQ3RjhGNzg5RjEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDNSlqHe4Hf1hoRFWpISeC4uqbY
R+Yk1TS43Nv3ooB6IZrnUQmKUCtuU5/aHtE8u8p99icAGslDgJhCBOMhcO9PG2fv
d9j0BmxGDSdwh66H1DI2SYT2WNem/qVjTymxd/JUjeVMWo10B9IV0AHliim9u8w4
WdNTgJkik4pkMapZcrkfHjZ9/ZxPAEnGJPKSHWmEBe8bwjECWiQ+0aQiny03uFGD
Ex0ffPwlx2hoxHSVh4UHdQseLMQvdy5+epo69ZLGwgt3cuma9CPol/gKWU8HQqI2
AVsC5xfgWUVHxGAmZFYGGOZCWd+/RTCJF/yqS+3Yll0lsn9bIwmKxxSEIe4ZAgMB
AAGjggINMIICCTAdBgNVHQ4EFgQUOkGEzpng8eUDGTUqbQ6g1/j3ifEwHwYDVR0j
BBgwFoAUxM59iQJAW6RZj4S2pBwn1yKDSxwwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODRkNTE4MTAtMTk4Ny00NzAxLThmMWYtODQyNTExMTk2
NGY0LzAvQzRDRTdEODkwMjQwNUJBNDU5OEY4NEI2QTQxQzI3RDcyMjgzNEIxQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3hNNTlpUUpBVzZSWmo0UzJwQnduMXlL
RFN4dy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5Lzg0ZDUxODEwLTE5ODct
NDcwMS04ZjFmLTg0MjUxMTE5NjRmNC8wL0FTMjA1Mzc0LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg+F
wQz1MA0GCSqGSIb3DQEBCwUAA4IBAQBpvPJukkmVlF9yfiHCXRnFrP+cXKL6J0B3
I30759UJASUHxloHjOwP73JCty8nFb3GbJZCxOfzX4Bs4g1ON5wabzOj5vC7ioR4
R/05REIL7DY1c0jW2IPJbYeVtute6SboWmenczcBSdW27paZgtyk4AHDVEn5tDPU
385q8bpA3ZE3pNGWL/BAxR9asngsfKUxpcLUbLhZuKxP+wW1JhOsMT67bVwh07RD
+7EG1o85Q2XgLFnjSkHGEzrCPhecbh41HpZl/4MmlNg5/MWErcDfOTzdJLXK1C21
LEACupG7A0yPkzSJ7qodS//+BRe8wgs77zIu8dEbGk8bM4phTrcx
-----END CERTIFICATE-----